`
`571-272-7822
`
`IPR2015-01009, Paper No. 32
`IPR2015-01010, Paper No. 32
`August 15, 2016
`
`
`
`
`RECORD OF ORAL HEARING
`UNITED STATES PATENT AND TRADEMARK OFFICE
`- - - - - -
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`- - - - - -
`APPLE INC.,
`Petitioner,
`vs.
`VIRNETX INC.,
`Patent Owner.
`- - - - - -
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`Technology Center 2400
`Oral Hearing Held: Tuesday, July 19, 2016
`
`
`Before: KARL D. EASTHOM, ROBERT J. WEINSCHENK,
`and BETH Z. SHAW, Administrative Patent Judges.
`
`The above-entitled matter came on for hearing on Tuesday,
`July 19, 2016, at 10:00 a.m., Hearing Room B, taken at the U.S. Patent and
`Trademark Office, 600 Dulany Street, Alexandria, Virginia.
`
`REPORTED BY: RAYMOND G. BRYNTESON, RMR,
`
`CRR, RDR
`
`
`
`APPEARANCES:
`
`ON BEHALF OF THE PETITIONER:
`
`
`
`
`
`
`
`
`
`DANIEL ZEILBERGER, ESQ.
`JOSEPH E. PALYS, ESQ.
`NAVEEN MODI, ESQ.
`Paul Hastings LLP
`875 Fifteenth Street, N.W.
`Washington, D.C. 20005
`202-551-1700
`
`
`
`
`
`
`
`
`
`
`
`
`2
`
`
`
`
`
`
`
`
`
`
`
`SCOTT M. BORDER, ESQ.
`JEFFREY P. KUSHAN, ESQ.
`THOMAS A. BROUGHAN III, ESQ.
`Sidley Austin LLP
`1501 K Street, N.W.
`Washington, D.C. 20005
`202-736-8000
`
`
`
`
`
`
`
`
`ON BEHALF OF THE PATENT OWNER:
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`P R O C E E D I N G S
`
`(10:00 a.m.)
`JUDGE WEINSCHENK: This is a hearing for
`IPR2015- 01009 and IPR2015- 01010, Apple Inc. vs. VirnetX
`Inc.
`
`Let's start with appearances. Who do we have for
`Petitioner?
`MR. BORDER: Your Honor, Scott Border for
`Petitioner Apple. With me are Jeff Kushan, lead counsel, and
`Tom Broughan, backup counsel.
`JUDGE WEINSCHENK: Good morning. And who
`do we have for Patent Owner?
`MR. ZEILBERGER: Good morning, Your Honor.
`Daniel Zeilberger here on behalf of Patent Owner, along with
`lead counsel, Joseph Palys, and Naveen Modi.
`JUDGE WEINSCHENK: Good morning. So as you
`know from our order, each side will have 45 minutes to
`present their case. I will start with Petitioner and then follow
`up with Patent Owner.
`Petitioner, you may begin when you are ready.
`Just let us know how much time you would like to reserve for
`rebuttal, if any.
`MR. BORDER: Yes, Your Honor, I would like to
`-- may I approach?
`JUDGE WEINSCHENK: Sure. Thank you.
`
`
`
`3
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: I will use about 25 minutes and
`leave about 20 minutes for rebuttal, Your Honor.
`JUDGE WEINSCHENK: 20 minutes for rebuttal?
`MR. BORDER: Yes, Your Honor.
`Good afternoon, Your Honors, and may it please
`the Board. We are here to discuss two proceedings involving
`the same '643 patent to VirnetX, IPR2015- 01009.
`One primary reference at issue, that's the Windows
`Resource Kit, Exhibit 1005. We have two secondary
`references involved in this proceeding. That's the IE5
`Resource Kit, Exhibit 1006, and the Elgamal patent, which is
`Exhibit 1007.
`We will also be discussing IPR2015- 01010. Those
`involve the references Yeager, which is Exhibit 1008, and the
`IE5 Resource Kit, again, which is Exhibit 1006. There is
`one -- two claims involving RFC 1034. I will discuss those
`proceedings shortly.
`Let's go to slide 3, please. On this slide is the first
`claim of the '643 patent and it is exemplary. It describes a
`method of creating an encrypted communication link between a
`first and second device. The method is comprised of two main
`steps and four sub- steps.
`First, there is enabling at the first device a secure
`communication mode. Second, you establish based on a
`determination that the secure communication mode has been
`
`
`
`4
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`enabled, the encrypted communication link. And then there
`are four sub-steps that comprise the establishing step. Those
`include constructing a domain name, sending a query using the
`domain name, receiving a network address, and then finally
`initiating the establishment of the encrypted communication
`link using encrypted communication link resources.
`Let's go to slide 5. Now, the '643 patent is
`generally directed to a method and apparatus of creating a
`secure -- excuse me, the '643 patent is generally directed to
`secure communication techniques. It describes several
`examples of enabling a secure communication mode.
`What I have included here is, in Exhibit 1001,
`which is the '643 patent at column 50, lines 9 through 19, and
`it explains that one way to enable a secure communication
`mode is by clicking on a "go secure" hyperlink.
`And it further explains that when doing this the
`user does not need to enter any user identification information,
`any passwords or encryption keys.
`And if we can go to slide 6 there is another
`description on an alternative way of entering a communication
`mode. In this one the user simply enters a command into the
`computer. In either case there is no entering of information
`such as passwords, identification information or -- excuse me,
`or passwords. And I note this is at column 49, lines 26 to 53
`of the '643 patent.
`
`
`
`5
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`Let's go to slide 7, please. I've listed on this slide
`some of the primary disputes between the parties that I would
`like to briefly touch on today. The first of which is this first
`element of claim 1 which is enabling a secure communication
`code -- excuse me, mode, without a user entering any
`cryptographic information.
`Let's go to slide 8, please. Before I do that I want
`to give a brief overview of the Windows Resource Kit. At the
`top is a figure depicting the process for establishing a
`connection between computer A, which is listed as host A, and
`computer B, which is listed as host B.
`Windows runs an IP Security policy driver that can
`establish an encrypted connection between those two
`computers. And in step 1 it explains that an application which
`can be, for example, a web browser on computer A generates
`packets to send from computer A to B.
`And when it does so, in step 2, it explains that the
`IP Security driver will check to see if IPSec has been enabled
`and, if so, it will negotiate encryption keys between the two
`computers.
`Before this process begins --
`JUDGE WEINSCHENK: When you say it checks
`to see if IPSec has been enabled, you are checking on host A,
`right?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`6
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: That's correct, Your Honor. And,
`in fact, if you can go to slide 11, what the computer will do is
`check the secure -- one of the three default security policies.
`And so in the instance where computer A is either high or
`moderate it will check to see whether IPSec has been enabled.
`In the high instance, not only will it check to see
`whether it has been enabled on computer A, but it will also
`require that computer B have IPSec enabled.
`JUDGE WEINSCHENK: I have a question about
`that actually. Does it require that IPSec be enabled on host B
`or does it just reject communications that aren't secure?
`That's two different things.
`MR. BORDER: That is two different things, Your
`Honor. It does not check at the time, that is, in performing --
`when it is performing this communication mode it does not
`check whether host B has enabled it.
`But if host B is not enabled, when it attempts to
`establish the communications, you are correct, Your Honor, it
`will be rejected.
`JUDGE WEINSCHENK: So there just won't be any
`communication --
`MR. BORDER: That's correct, Your Honor.
`JUDGE WEINSCHENK: -- with host B?
`MR. BORDER: That's correct.
`JUDGE WEINSCHENK: Okay.
`
`
`
`7
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: Let's go back to slide 8, please.
`Now, before this process begins in the Windows Resource Kit,
`the Windows reference explains that a name resolution
`mechanism -- excuse me, at the bottom of this passage, and
`this is Exhibit 1005 at page 964 -- it explains that applications
`running on windows machines frequently require users to enter
`host names to identify their destination computers.
`And Windows uses a host name resolution
`mechanism to perform a -- excuse me, and Windows uses a
`host -- a name resolution mechanism such as DNS to resolve
`those names into IP addresses.
`Let's go briefly back to slide 7. And, again, so the
`first claim element we are going to discuss is the enabling
`step.
`
`Let's go to slide 9. We are going to focus on this
`first element. And there are two parts to this claim limitation
`that we are going to focus on. First, whether a secure
`communication mode has been enabled and, second, whether
`that has been done without a user entering any cryptographic
`information.
`Let's go to slide 10. What Windows Resource Kit
`explains is that a user or an administrator can select a default
`policy to implement security. And it is through a drop- down
`menu. It is a little bit blurry, and this is Exhibit 1005 at 1025,
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`8
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`but in the box you can select, for example, one of three
`security options.
`If you go to slide 11, these are the three default
`security options. They range from low, moderate to high. We
`explained in selecting either the moderate or high security
`mode that it satisfies the enabling a secure communication
`mode described in the '643 patent.
`Go to slide 12, please. Now, the claim specified
`enabling the secure communication mode without a user
`entering any cryptographic information.
`Now, the specification describes one example of
`how that is done and it explains that a user does not need to
`enter any user ID information, passwords or encryption keys.
`And, again, this is at column 50, lines 9 through 19.
`If we go back to slide 10, please, and that's exactly
`how the Windows Resource Kit acts. Once configured the user
`need not enter any passwords, encryption keys or other sort of
`identifying information. They simply enter a URL into an
`address and a secure communication mode is enabled.
`Let's go to slide 13, please. And Dr. Tamassia
`explained, Petitioner's expert, that selecting a policy from a
`drop- down box, in doing so the user does not enter any
`cryptographic information. He explained that cryptographic
`information are such things as cryptographic keys, digital
`signatures, hashes, or specific encryption algorithms.
`
`
`
`9
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`So as we explained, Windows Resource Kit shows
`enabling a secure communication mode and it also shows that
`that secure communication mode is enabled without a user
`entering any cryptographic information.
`Let's go to slide 7, please. I want to touch briefly
`on sending a query using the domain name. And if we can go
`back to slide 8.
`Again, this was the passage that we include at the
`bottom of this overview slide where it explains that Windows
`machines operating on these TCP/IP networks use a name
`resolution mechanism, and it identifies one such mechanism as
`DNS.
`
`JUDGE WEINSCHENK: Where is the DNS in that
`figure? Is it shown or do we not know where it is?
`MR. BORDER: It is not known in the figure, Your
`Honor. But this mechanism would occur prior to the
`generating the outbound packs to host B.
`What the Windows Resource explains is that you
`need an IP address to do that. And the way that is done is
`through this host name mechanism described earlier in the
`Windows Resource Kit at page 964.
`JUDGE WEINSCHENK: Does it describe where
`the host name comes from, like how do you get the host name
`for host B?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`10
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: It does not -- Your Honor, I'm not
`aware that it describes where the host name comes from, but
`what it explains is that typically users would know computer
`names rather than IP addresses. Such as you might know
`Google but you might not know the actual IP address for
`Google.
`
`And this is the information that is input into the
`connection request. And that creates this name resolution
`mechanism where it converts the name to an IP address.
`Let's go to slide 7. I'm going to talk about these
`last two points together, and that is establishing based on a
`determination that the secure communication mode has been
`enabled, and then also initiating establishment of the
`encrypted communication link with resources received from
`the server that is separate from the first device.
`They sort of go hand- in- hand. I want to talk about
`them at the same time. If you can go to slide 23, please.
`What Windows --
`JUDGE WEINSCHENK: Please talk about the
`claim first and what it requires before we get into what
`Windows Resource Kit shows.
`MR. BORDER: Sure, Your Honor.
`JUDGE WEINSCHENK: I think there is some
`dispute here about whether the server has to be separate from
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`11
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`just the first device or separate from the first and second
`device.
`
`MR. BORDER: That's right, Your Honor. There is
`a dispute about that. And as you know from the claims, they
`only require that the server is separate from the first device.
`They do not require that the server be separate from the
`second device.
`And I note that there are many descriptions in the
`'643 patent where various components of the system are
`combined into single devices. They are split among multiple
`devices. So we think this is consistent with the specification
`that, for example, you could have a server and second device
`reside on the same program.
`JUDGE WEINSCHENK: Do we have an example
`from the spec where the server is combined with the second
`device, because I don't recall you pointing me to an example
`of that?
`
`MR. BORDER: That's correct, Your Honor. Do
`you want to go to slide 26? There are numerous descriptions
`in the '643 patent of combining devices, but, you are correct,
`there is no description of the second device residing on the
`same computer as the server.
`It does explain that servers can be both programs
`and devices. And so based on the claim language itself we
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`12
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`don't see any issue with the server computer or program
`residing on the same device as the second device.
`JUDGE WEINSCHENK: So are you really relying
`just on the claim language to support your argument mostly?
`MR. BORDER: Mostly, Your Honor, but also in
`the description of the '643 patent. Can you go to slide 27?
`Again, there are multiple descriptions in the '643 patent, such
`as here at column 40, lines 30 to 32, and also column 40, lines
`38 to 42, where it talks about implementing functions either in
`single devices or across multiple devices.
`We think that our reading of the claims, which can
`have the secure server operate on the same device, the second
`device, is perfectly consistent with the specification as
`supported by the claim language itself.
`Can you go back to the claim language again?
`Again, Your Honor, this is slide 25. Again, it only says that
`the server needs to be separate from the first device. It does
`not require that the server be separate from the second device.
`Let's go to slide 23, please. Again, we wanted --
`what we showed was that the secure communication link is
`established based on this IPSec driver that resides on host A
`and it checks the security policy and, for example, if the
`security policy is high, it will determine that IPSec must be
`used for the communication.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`13
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`This is a determination that a secure
`communication mode has been enabled. And this is in the
`Windows Resource Kit at page 1021.
`Go to slide 24, please. And in further describing
`this process, excuse me, the Windows Resource Kit explains
`that if they do, if the computers do agree to use this IPSec
`protocol, they exchange public keys, they exchange public
`keys and establish a shared secret key, apart from
`authenticating the two computers, this is the computer B
`sending an encryption key back to host A, as we explain in our
`petition and in our reply.
`This key is the encrypted communication link
`resource of the claims. It is received from computer B. It is
`sent from computer B to host A. If we go back to the claim
`language really quick, slide 25, again, all that is required by
`this claim is that this encrypted communication link resource,
`which is this key that is sent from host B to computer A, is
`received from a server, computer B, that is separate from the
`first device, computer A.
`JUDGE WEINSCHENK: And the at least one
`network address is the thing you received from the DNS
`server?
`
`MR. BORDER: That's correct, Your Honor.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`14
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`JUDGE WEINSCHENK: Can we, in the interest of
`time, jump to claims 7 and 22, which I believe recite the
`secure domain name service?
`MR. BORDER: Yes, Your Honor. That's exactly
`where I was going next. Let's go to slide 32, please. The
`parties proposed different constructions for the secure domain
`name service. Petitioner's construction is consistent with the
`specification, which explains that an SDNS is simply a
`cross-reference database of secure domain names and
`corresponding network addresses. Patent Owner's construction
`brings in additional elements that are not present in the
`specification.
`If we go to slide 33, after we filed our petition, the
`Board in a related proceeding construed the term SDNS. We
`believe it is consistent with our construction and, as we show
`in our reply, there are no consequences to the differences. The
`differences primarily being this last phrase: "for which a
`conventional domain name service cannot resolve addresses."
`JUDGE WEINSCHENK: Do you have any
`objection to that construction?
`MR. BORDER: No, Your Honor.
`JUDGE WEINSCHENK: And you would agree
`
`with it?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`15
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: We would agree with it, Your
`Honor. And as we showed in our reply, I believe, at pages 10
`and 11, we meet this construction as well.
`Can you go to slide 31?
`JUDGE WEINSCHENK: Before we go into the
`teachings of the Windows Resource Kit, I want to go back.
`Can you go back to the previous slide that had the parties'
`proposed constructions?
`Patent Owner adds something else in there and I
`think it is just a definition of what a secure computer network
`address is?
`MR. BORDER: Yes, Your Honor.
`JUDGE WEINSCHENK: They say it is a network
`address that requires authorization for access.
`MR. BORDER: Uh-huh.
`JUDGE WEINSCHENK: Do you have any problem
`with that? I believe you guys agreed to that construction in a
`different proceeding as well.
`MR. BORDER: Your Honor, I'm not certain that
`we did agree to that construction, but I'm going off memory
`here. We did show that the secure network addresses in the
`Windows reference do require authorization for access.
`We don't think there is any description in the
`specification to support that requirement. In fact, under the --
`let's see.
`
`
`
`16
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`JUDGE WEINSCHENK: I guess what I'm just
`getting at here is you guys have secure network address in
`your construction.
`MR. BORDER: That's correct.
`JUDGE WEINSCHENK: And Patent Owner has
`further defined that term. And what I'm trying to get at is, do
`the parties have a common understanding as to what that term
`means or is there a dispute about that?
`MR. BORDER: Yes, Your Honor, I think there is a
`dispute about that. I think what we have shown and what the
`Board has previously determined -- if you can go to the
`Board's previous finding, of secure network address -- is
`that -- sorry, of secure domain name, is that it is simply a
`name that corresponds to a computer network address.
`And I think that is supported in the specification in
`part by the description of the secure domain name service,
`again, which is just a database of corresponding domain names
`and network address.
`We don't think that the secure domain name
`requires, or a secure network address requires to show
`authorization, but we did show both in the Windows Resource
`Kit and Yeager that the relevant computers, for example, host
`B, does require authorization.
`JUDGE EASTHOM: Don't you also allege that
`they return a secure computer network address?
`
`
`
`17
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: That's correct, Your Honor. And
`can we go to slide 31?
`JUDGE EASTHOM: Because we're trying to figure
`out, I think, all the Judge was trying to figure out why these
`arguments are material to anything if the references disclose
`what they propose is their construction?
`MR. BORDER: I'm sorry, Your Honor, I'm not
`sure I follow your question.
`JUDGE EASTHOM: I guess we're trying to figure
`out why we need to resolve a claim construction dispute if
`you, you know, are asserting that even under their construction
`the references disclose or render those obvious?
`MR. BORDER: That's correct, Your Honor. There
`have been a number of Board decisions that said that there is
`no need to construe a term if there is no dispute as to -- if
`there is no dispute as to whether the reference discloses those
`elements.
`
`And, as we showed, our computers correspond to
`secure network address both under our construction and under
`the Board's construction, previous construction, and under
`Petitioner's construction. They do require authorization for
`access.
`
`Can you go back to the -- yes. They do -- they are
`network addresses that require authorization for access. And
`they also, with respect to the secure domain name service, we
`
`
`
`18
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`showed in our reply, page 14 in our 1009 reply, that this
`recognition that a message is requesting a secure computer
`network address is simply, as explained in the patent, just a
`lookup or a cross- referencing of a database of secure domain
`names and corresponding network addresses.
`So under either construction, we showed how the
`Windows Resource Kit and later Yeager discloses these terms.
`So you are correct, Your Honor, there is no need to construe
`this term.
`
`Let's go to Yeager.
`JUDGE WEINSCHENK: Can we look at Windows
`Resource Kit? I think you were going to show me that slide
`before and I turned you away from that.
`MR. BORDER: Yes, Your Honor.
`JUDGE WEINSCHENK: Let's talk about that now.
`MR. BORDER: That's slide 31.
`JUDGE WEINSCHENK: And my question for you
`is, can you explain to me in this figure and the description you
`have where the secure domain name server is and how we
`know it is a secure domain name service?
`MR. BORDER: Yes, Your Honor. The secure
`domain name server in this figure is the IS -- I'm sorry, is the
`name server on the intranet, intranet with an "a."
`This computer shows that in this private network
`you can have your own name resolution service. And this
`
`
`
`19
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`name resolution service will exist behind the Internet. It can
`only resolve -- it can only perform host name resolution on
`names corresponding to addresses on that private network.
`The computer on the public network --
`JUDGE SHAW: Does the reference say that, or
`could you point us to where the reference says that it can only
`resolve names on the private network?
`MR. BORDER: I think what we said was client --
`up there at the top, Your Honor, it is highlighted a little bit in
`yellow -- client 1 resolves intranet names by using a name
`server on the intranet, NoamDC1, and alternatively resolves
`Internet names by using a name server on the Internet, the
`public Internet, using the ISPNameServer.
`So that presents the dichotomy that is in the
`Windows Resource Kit between the two different name
`servers, one which cannot resolve names on the public network
`and one which cannot resolve names on the private network.
`JUDGE WEINSCHENK: So I have two questions
`for you. The first one is it looks to me like on the intranet and
`the Internet in that figure they are both resolving the same
`exact domain name.
`So that looks to me like the domain name can be
`resolved both by the intranet service and the Internet service.
`Am I wrong in that?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`20
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`MR. BORDER: I think what the reference
`explains, and this is the passage at the bottom, is that you can
`have a machine that is connected to two different networks.
`And so in this case it is the same machine, and it
`can be connected, for example, to an internal private network.
`It also can be connected to a public network.
`And so you could configure it to resolve based on
`essentially where the request is coming from. In one case if it
`is a request generated from the intranet, you would get --
`resolve this internal IP address, the 172.18.8.7. Alternatively,
`if it was a request from the public Internet you might get this
`other address.
`JUDGE WEINSCHENK: I guess the problem I'm
`having is, though, if we go with Patent Owner's construction it
`requires that there be a -- that it resolve a name that cannot be
`resolved by a conventional service.
`And to me it looks like the name being resolved by
`the intranet can also be resolved by the Internet.
`MR. BORDER: Oh, I see what you're saying, Your
`Honor. Actually what it explains is that there would be two
`different domain names.
`For example, at the bottom it says -- and this,
`again, is the Windows Resource Kit, Exhibit 1005, at 989 to
`90 -- if you do have this computer connected to two different
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`21
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`networks, you want it to have a different domain name on each
`network.
`
`So it is not the same domain name that is getting
`resolved. It is two different domain names, one corresponding
`to the private network, one corresponding to the public
`network. So it isn't a single domain name that is resolved. It
`is two different domain names.
`JUDGE WEINSCHENK: Okay. And then we know
`somehow that the one on the intranet cannot be resolved by the
`one on the Internet?
`MR. BORDER: Yes, Your Honor. And I believe
`that is described in our petition at page 39 in our reply at 12 to
`13. What our expert did is he looked at this figure and, based
`on his understanding, determined that this private network
`resolution service could only resolve those -- sorry, could only
`resolve the private addresses.
`And so -- but it could not resolve the request for
`the -- I'm sorry. The name registered on this intranet -- the
`intranet with an "a" -- it would not be registered with the
`public DNS, as it explains down at the bottom. So in that case
`it could not be resolved by that conventional DNS because it
`would not be registered with it.
`JUDGE WEINSCHENK: Just so you know, you are
`cutting into your rebuttal time right now.
`MR. BORDER: Okay, Your Honor.
`
`
`
`22
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`JUDGE WEINSCHENK: You can take some time
`off your rebuttal or if you would like to reserve at all.
`MR. BORDER: I will take some time off my
`rebuttal, Your Honor. I want to go quickly into Yeager.
`Let's go to slide 39. These are the main disputes
`between the parties with respect to Yeager. Let me touch on
`this first one real quick.
`Let's go to slide 40, actually. A brief overview of
`Yeager describes a person using a web browser to connect to a
`web server using HTTP protocol. It explains that some
`browsers can use SSL, which allows creation of an encrypted
`channel with the server. When it is combined with SSL it uses
`the HTTPS protocol. Then it describes an example where a
`user engages in purchase transactions.
`Let's go to slide 41.
`JUDGE WEINSCHENK: So I think there is some
`confusion here, or at least some arguments about when is the
`secure communication mode actually enabled? For example, is
`it enabled after you type in the entire address, including
`HTTPS and then hit enter? When is it enabled?
`MR. BORDER: Your Honor -- can we go to slide
`48 -- what we explain is that if the browser supports HTTPS,
`then it will not be auto- corrected by the browser. And that is
`consistent with -- can you please pull up the auto- correction
`slide?
`
`
`
`23
`
`
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`
`So what we explained is that if a user enters HTTP,
`and the browser determines that it supports HTTP, it will just
`simply initiate a communication link. If the user enters
`HTTPS, and the browser recognizes that it does not support
`HTTPS, it will not permit the connection and it will
`auto- correct it to HTTP.
`So in allowing the user to enter HTTPS, that is a
`determination that that browser supports SSL. Does that
`answer your question, Your Honor?
`JUDGE WEINSCHENK: So you are telling me that
`the secure communication mode is enabled by the fact that it
`doesn't auto- correct the address as you enter it?
`MR. BORDER: It is enabled, Your Honor, it is
`enabled by the fact that the user has specified HTTPS, and the
`browser's determination not to fix that, the user has enabled
`that secure communication mode by entering the HTTPS
`protocol.
`
`Let's go back to slide 42. This is -- well, let's go
`to slide 8, please. It is enabled when the user -- I'm sorry. It
`is enabled when the user types in the HTTPS into the browser.
`This is similar to a user entering a command into computer
`3301 to go secure. This is a description in the '643 patent.
`JUDGE WEINSCHENK: So I guess my question,
`the thing I'm having trouble with is I don't know how the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`24
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Case IPR2015-01009 and IPR2015-01010
`Patent 8,843,643 B2
`
`computer knows that something is HTTPS until you entered it
`or clicked on it or something like that.
`Just typing those words, how does the computer
`know that you have entered a secure communication mode?
`MR. BORDER: Well, if you enter HTTPS it will
`check to see whether it has an SSL module within the Explorer
`program.